ISSA NL event 2013 06 06 Limits, Not Rails

On the necessary redesign of security controls: provide guiding rails that catch only those who sway too far out, instead of slamming everyone into compliance with too-tight rails.

    Presentation Transcript

    • Limits, Not Rails. About groups, rules and defectors. Jurgen van der Vlugt, Dialogues House, Amsterdam, 6 June 2013
    • Introduction
      • Jurgen = Ir. drs. J. van der Vlugt RE CISA CRISC
      • Plus the usual disclaimer that this is work in progress
      • So, questions please
    • Agenda
      • Rails
      • Rubbish
      • Reactions
      • Radicals
      • Guiding rails
      • Risk ‘Management’
    • Rails
    • Rails: people-less Process & Technology (controls designed as process and technology only, with the people left out)
    • Rubbish →
    • (FUD)
    • Reactions to rules
    • Response
    • Range
    • Reaction: rational (!) and psychological
    • Radicals
      • Extremist-bureaucrats
      • Defectors
      • ALWAYS
      • They belong!
      • Keep it fresh!
      • So keep them close…?
    • Freedom through guiding rails. “The boundary is not made of rubber” (Dutch: “De scheef is niet van caouchouc”)
    • Guiding rails
    • Societal pressures; effective design (the design principles from Bruce Schneier, Liars and Outliers, 2012)
      • Understand the societal dilemma
      • Consider all four societal pressures
      • Pay attention to scale
      • Foster empathy & community
      • Use security systems to scale
      • Harmonize institutional pressures
      • Ensure financial penalties are proportional to detection likelihood
      • Choose general, reactive security systems
      • Reduce power concentrations
      • Require transparency
    • Clear requirements
    • Resilience
    • Time-based security (Winn Schwartau): with $P_t$ the protection time, $D_t$ the detection time, $R_t$ the reaction time and $E$ the exposure,
      • $P_t > D_t + R_t$ is required when $P_t > 0$ (the attacker runs out of time before detection and reaction are complete)
      • $E = D_t + R_t$ when $P_t = 0$ → zero-day exploits, or any unknown vectors: protection buys nothing, so only detection and reaction limit the exposure
      • (Note: clusterfucks; FUQed)
      • Boy scout model!
      • Guiding rails
    • Conclusion: Risk ‘Management’
      • Biases (list)
      • Notice the weak signals
      • Be creative
      • Don’t be a dictator (guiding rails)
      • Clear requirements
      • Be Prepared!
    • Hope you enjoy(ed) the ride. That was all. Thank you.
    • Thank you (Dutch: “Dank u”)
    • Further Reading
    • Contact details
      • Jvdvlugt@maverisk.nl
      • LinkedIn http://nl.linkedin.com/in/jurgenvandervlugt/
      • Twitter @jvdvlugt
      • (G+, Pinterest, Tumblr, etc. etc.)
      “I hate quotations” (Ralph Waldo Emerson 1849, quoted by Rem Koolhaas in S, M, L, XL, 1995)
      Dogma: “The problem starts at the secondary level, not with the originator or the developer of the idea but with the people who are attracted by it, who cling to it until their last nail breaks, and who invariably lack the overview, flexibility, imagination, and, most importantly, sense of humor, to maintain it in the spirit in which it was hatched. Ideas are made by masters, dogma by disciples, and the Buddha is always killed on the road.” (Tom Robbins, Still Life with Woodpecker, 1984)